Hi,
I need to append in a csv file only records which are unique from a certain date/time.
The aim is to have only new events added to the csv file (and so the search would be scheduled)
I used the `outputlookup append=true MyFile.csv`, but that appends results every time, including the previous one.
Is there a way to put in the outputlookup comand criteria about other fields (such as _time or created_date...)?
The only way I am thinking is fixing the timerange of the search which charges the csv file...
Any suggestions?
Thanks,
Skender
↧